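Selecting a field with multiple WHERE clauses

Time: 2015-03-20 08:31:31

Tags: where

I need to select a field with multiple WHERE clauses. The following query results in a syntax error.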

String selectquery = "SELECT" + KEY_EXPAMT + "FROM" + TABLE_EXP + "WHERE"
        + KEY_EXPCAT + "='" + String.valueOf(cat) + "'AND " + KEY_EXPMONTH + "='"
        + String.valueOf(month) + "' AND " + KEY_EXPYEAR + "='" + String.valueOf(year) + "' AND "
        + KEY_EXPFROM + "='" + String.valueOf(from) + "'";

SQLiteDatabase db = this.getWritableDatabase();

Cursor cursor = db.rawQuery(selectquery, new String[]{cat, month, year, from});

logcat:

03-20 15:01:36.606 19106-19125/com.expense.javed.expensetrackingsystem D/OpenGLRenderer: Render dirty regions requested: true
03-20 15:01:36.623 19106-19106/com.expense.javed.expensetrackingsystem D/Atlas: Validating map...
03-20 15:01:36.680 19106-19125/com.expense.javed.expensetrackingsystem I/Adreno-EGL: : EGL 1.4 QUALCOMM build: AU_LINUX_ANDROID_LA.BF.1.1.04.04.02.162.107_msm8226_LA.BF.1.1__release_AU()
    OpenGL ES Shader Compiler Version: E031.25.01.03
    Build Date: 10/28/14 Tue
    Local Branch:
    Remote Branch: quic/l_LNX.LA.3.6
    Local Patches: NONE
    Reconstruct Branch: AU_LINUX_ANDROID_LA.BF.1.1.04.04.02.162.107 + cb93e16 + f50fe49 + d7c18e6 + 5b9a565 + 0f3a25d + 607156e + 75511aa + e4d16c0 + 686f3eb + 211a271 + dd281ee + NOTHING
03-20 15:01:36.683 19106-19125/com.expense.javed.expensetrackingsystem I/OpenGLRenderer: Initialized EGL, version 1.4
03-20 15:01:36.762 19106-19125/com.expense.javed.expensetrackingsystem D/OpenGLRenderer: Enabling debug mode 0
03-20 15:01:48.482 19106-19106/com.expense.javed.expensetrackingsystem I/Choreographer: Skipped 30 frames! The application may be doing too much work on its main thread.
03-20 15:01:48.494 19106-19125/com.expense.javed.expensetrackingsystem V/RenderScript: Application requested CPU execution
03-20 15:01:48.507 19106-19125/com.expense.javed.expensetrackingsystem V/RenderScript: 0xb862fc90 Launching thread(s), CPUs 4
03-20 15:02:13.932 19106-19106/com.expense.javed.expensetrackingsystem E/SQLiteLog: (1) near "SELECTexpenseamountFROMexpenseWHEREexpensecategory": syntax error
03-20 15:02:13.946 19106-19106/com.expense.javed.expensetrackingsystem D/AndroidRuntime: Shutting down VM
03-20 15:02:13.962 19106-19106/com.expense.javed.expensetrackingsystem E/AndroidRuntime: FATAL EXCEPTION: main
    Process: com.expense.javed.expensetrackingsystem, PID: 19106
    android.database.sqlite.SQLiteException: near "SELECTexpenseamountFROMexpenseWHEREexpensecategory": syntax error (code 1): , while compiling: SELECTexpenseamountFROMexpenseWHEREexpensecategory='food' AND expensemonth='march' AND expenseyear='2015' AND expensefrom='InBank'
            at android.database.sqlite.SQLiteConnection.nativePrepareStatement(Native Method)
            at android.database.sqlite.SQLiteConnection.acquirePreparedStatement(SQLiteConnection.java:889)
            at android.database.sqlite.SQLiteConnection.prepare(SQLiteConnection.java:500)
            at android.database.sqlite.SQLiteSession.prepare(SQLiteSession.java:588)
            at android.database.sqlite.SQLiteProgram.<init>(SQLiteProgram.java:58)
            at android.database.sqlite.SQLiteQuery.<init>(SQLiteQuery.java:37)
            at android.database.sqlite.SQLiteDirectCursorDriver.query(SQLiteDirectCursorDriver.java:44)
            at android.database.sqlite.SQLiteDatabase.rawQueryWithFactory(SQLiteDatabase.java:1316)
            at android.database.sqlite.SQLiteDatabase.rawQuery(SQLiteDatabase.java:1255)
            at com.expense.javed.expensetrackingsystem.SqlLiteDb.updateExpense(SqlLiteDb.java:122)
            at com.expense.javed.expensetrackingsystem.ExpensingAmountActivity$4$1.onClick(ExpensingAmountActivity.java:145)
            at com.android.internal.app.AlertController$ButtonHandler.handleMessage(AlertController.java:160)
            at android.os.Handler.dispatchMessage(Handler.java:102)
            at android.os.Looper.loop(Looper.java:135)
            at android.app.ActivityThread.main(ActivityThread.java:5312)
            at java.lang.reflect.Method.invoke(Native Method)
            at java.lang.reflect.Method.invoke(Method.java:372)
            at com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:901)
            at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:696)
03-20 15:02:15.674 19106-19106/com.expense.javed.expensetrackingsystem I/Process: Sending signal. PID: 19106 SIG: 9
03-20 15:02:16.502 20366-20387/com.expense.javed.expensetrackingsystem D/OpenGLRenderer: Render dirty regions requested: true
03-20 15:02:16.518 20366-20366/com.expense.javed.expensetrackingsystem D/Atlas: Validating map...
03-20 15:02:16.576 20366-20387/com.expense.javed.expensetrackingsystem I/Adreno-EGL: : EGL 1.4 QUALCOMM build: AU_LINUX_ANDROID_LA.BF.1.1.04.04.02.162.107_msm8226_LA.BF.1.1__release_AU()
    OpenGL ES Shader Compiler Version: E031.25.01.03
    Build Date: 10/28/14 Tue
    Local Branch:
    Remote Branch: quic/l_LNX.LA.3.6
    Local Patches: NONE
    Reconstruct Branch: AU_LINUX_ANDROID_LA.BF.1.1.04.04.02.162.107 + cb93e16 + f50fe49 + d7c18e6 + 5b9a565 + 0f3a25d + 607156e + 75511aa + e4d16c0 + 686f3eb + 211a271 + dd281ee + NOTHING
03-20 15:02:16.578 20366-20387/com.expense.javed.expensetrackingsystem I/OpenGLRenderer: Initialized EGL, version 1.4
03-20 15:02:16.609 20366-20387/com.expense.javed.expensetrackingsystem D/OpenGLRenderer: Enabling debug mode 0

1 answer:

Answer 0 (score: 0)

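Don't do this. Your code is vulnerable to SQL injection. You should really use prepared statements with ? placeholders for the values, and then set the values later. Or, at the very least, you should properly escape the strings. To learn about SQL injection, see http://en.wikipedia.org/wiki/SQL_injection

However, as for your error, I think this says it all: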

  

"SELECTexpenseamountFROMexpenseWHEREexpensecategory='food' AND expensemonth='march' AND expenseyear='2015' AND expensefrom='InBank'"

Your query is missing spaces.
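
The placeholder approach recommended in the answer, written out as an added example (not code from the original question or answer). The class name `ExpenseQueries` and the method `findAmounts` are hypothetical; the table and column names are taken from the failing query in the logcat, and reading the amount as a string is an assumption about the column.

```java
import android.database.Cursor;
import android.database.sqlite.SQLiteDatabase;

import java.util.ArrayList;
import java.util.List;

// Hypothetical helper class, added for illustration.
public final class ExpenseQueries {
    // Table and column names as they appear in the logcat output.
    static final String TABLE_EXP = "expense";
    static final String KEY_EXPAMT = "expenseamount";
    static final String KEY_EXPCAT = "expensecategory";
    static final String KEY_EXPMONTH = "expensemonth";
    static final String KEY_EXPYEAR = "expenseyear";
    static final String KEY_EXPFROM = "expensefrom";

    // Keywords are separated by spaces, identifiers come only from the
    // constants above, and every user-supplied value is a ? placeholder.
    static final String SELECT_AMOUNT =
            "SELECT " + KEY_EXPAMT + " FROM " + TABLE_EXP
            + " WHERE " + KEY_EXPCAT + " = ?"
            + " AND " + KEY_EXPMONTH + " = ?"
            + " AND " + KEY_EXPYEAR + " = ?"
            + " AND " + KEY_EXPFROM + " = ?";

    private ExpenseQueries() {
    }

    /** Returns the matching amounts; values are bound, never spliced into the SQL text. */
    public static List<String> findAmounts(SQLiteDatabase db, String cat, String month,
                                           String year, String from) {
        List<String> amounts = new ArrayList<>();
        // The array order must match the order of the ? placeholders.
        Cursor cursor = db.rawQuery(SELECT_AMOUNT, new String[]{cat, month, year, from});
        try {
            while (cursor.moveToNext()) {
                amounts.add(cursor.getString(0)); // assumption: amount read as text
            }
        } finally {
            cursor.close(); // release the cursor even if iteration throws
        }
        return amounts;
    }
}
```

Because `rawQuery` binds each argument as a string value, a category containing a quote character is compared as literal text and cannot change the structure of the statement.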